Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> users using &, ", ', and other chars in input fields

users using &, ", ', and other chars in input fields

From: Michael Hill <hillmw_at_ram.lmtas.lmco.com>
Date: Thu, 29 Jan 2004 17:55:49 -0600
Message-ID: <40199D84.DBF38A5B@ram.lmtas.lmco.com>


I have a general question about how people generally tend to deal with the data that users enter.

As an example, users enter double quotes in a text field surrounding a specific piece of text they want to highlight, and then it barfs during the Oracle insert step because the string is not properly delimited.

Another example is where the ampersand causes trouble when used on an XML page, so provisions are made to insert it into the table using the ASCII equivalent &amp;. But the field is only 25 characters, so when a string with 25 characters that has an ampersand is being input and we change the ampersand to the ASCII equivalent, we now have more than 25 characters and the update fails because we have too many characters. We could truncate them before the insert, or we could write some code to deal with them on the client.

Others copy and paste from Word documents into a text field, and in it there are hidden formatting fields like bullets.

The users barf and complain about the application, but what we have here is bad data.

How do most handle these?

Mike

Received on Thu Jan 29 2004 - 17:55:49 CST
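The three cases raised in the post (quote characters at insert time, the 25-character field versus `&amp;`, and characters pasted from Word), worked through in an added example that is not part of the original message. Python's built-in `sqlite3` and its `?` placeholder stand in for Oracle and its bind variables; the `notes` table, the function names, the character mapping and the sample strings are assumptions constructed for illustration.

```python
import sqlite3
import unicodedata
from xml.sax.saxutils import escape

MAX_LEN = 25  # width of the text field described in the post
# Assumed mapping for characters commonly pasted from Word documents.
WORD_CHARS = {0x2018: "'", 0x2019: "'", 0x201C: '"', 0x201D: '"', 0x2022: "*"}

def open_db():
    conn = sqlite3.connect(":memory:")  # stand-in for the Oracle table
    conn.execute("CREATE TABLE notes (body VARCHAR(25))")  # hypothetical table
    return conn

def clean(text):
    """Map Word punctuation to ASCII and drop control/format characters."""
    text = text.translate(WORD_CHARS)
    return "".join(c for c in text if unicodedata.category(c) not in ("Cc", "Cf"))

def concatenated_insert_fails(conn, raw):
    """The failure from the post: a quote in the value breaks a concatenated statement."""
    try:
        conn.execute("INSERT INTO notes (body) VALUES ('" + raw + "')")
        return False
    except sqlite3.OperationalError:
        return True

def store(conn, raw):
    """Store the raw characters through a bind parameter; check length before encoding."""
    value = clean(raw)
    if len(value) > MAX_LEN:
        raise ValueError("value is %d characters, limit is %d" % (len(value), MAX_LEN))
    conn.execute("INSERT INTO notes (body) VALUES (?)", (value,))
    return value

def to_xml(conn):
    """Entity-encode only when building the XML page, not in the table."""
    rows = conn.execute("SELECT body FROM notes ORDER BY rowid")
    return ["<note>%s</note>" % escape(body) for (body,) in rows]

if __name__ == "__main__":
    db = open_db()
    quoted = 'O\'Neil said "R&D"'        # constructed sample input
    exact = "Research & Development Co"   # constructed, exactly 25 characters
    print(concatenated_insert_fails(db, quoted))
    store(db, quoted)
    store(db, exact)
    print(len(escape(exact)), to_xml(db))
```

SQLite does not enforce the declared `VARCHAR(25)` width, which is why `store` checks the length itself before inserting.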
